Anthropic's 'Secret Sauce' Leaks: Claude Code Source Exposed via npm Source Maps

Theo - t3․gg
#anthropic #claude-code #source-leak #ai-agents #open-source

Anthropic’s tightly guarded Claude Code agentic harness, considered the company’s ‘secret sauce,’ has had its complete source code inadvertently leaked. The incident, occurring around April 1st, stemmed from the inclusion of source maps within the official Claude Code npm package, a common byproduct of JavaScript build processes used for debugging minified code. Historically, Anthropic has maintained a strict closed-source policy for Claude Code, going as far as to issue hundreds of DMCA requests for earlier, smaller leaks. Following this significant breach, Anthropic has continued aggressive DMCA actions, even against forks of their non-source-containing GitHub repository, while officially attributing the leak to ‘human error’ and a ‘release packaging issue,’ not a security breach, asserting no sensitive customer data was exposed.

The leaked code, estimated at 390,000 lines of TypeScript, offers a rare glimpse into Anthropic’s development practices and unreleased features. Discoveries include ‘Buddy’ (an April Fools companion), ‘Dream Mode’ (AI memory consolidation), ‘Coordinator Mode’ (parallel agent execution), and ‘Ultra Plan/Review’ (remote agents for complex tasks and automated, costly code reviews). Technical insights reveal a shift from Stat Sig to Growth Book for feature flagging, alongside efforts to implement anti-distillation techniques by injecting fake tool calls into histories. Code quality, self-assessed at 7/10 (though potentially biased and lacking test coverage in the leak), highlights solid type safety and error handling but also points to ‘god files,’ scattered feature flags, extensive environment variable sprawl, and concerning practices like plaintext credential storage fallbacks. Contrary to some speculation, the leak was not intentional, nor was it caused by a known Bun bug. Furthermore, analysis indicates Claude Code’s agentic harness performs poorly compared to open-source alternatives, even incorporating ideas from projects like Open Code. Calls from the developer community urge Anthropic to open source Claude Code, transparently discuss the leaked features, and adopt a more ‘human’ and less litigious approach in their engagement with the community.